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DETAILED ACTION 

1 . Claims 1 -23 are pending. 

Information Disclosure Statement 

2. The IDS of 03/19/02 was received and considered. 

Claim Objections 

3. Claims 8, 15, 22, and 23 are objected to because of the following 
informalities: 

a. Regarding claim 8, there are two consecutive semi-colons at the 
end of line 9. 

b. Regarding claim 15, there are two consecutive semi-colons at the 
end of line 11. 

c. Regarding claim 22, there are two consecutive semi-colons at the 
end of line 10. 

d. Regarding claim 23, there are two consecutive semi-colons at the 
end of line 16. 

Appropriate correction is required. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 1 02 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 
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5. Claims 1-23 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Skene et al, hereinafter "Skene", (U.S. Patent Application Publication 
Number 2001/0052016) in view of Ye (U.S. Patent Number 6,772,348). 

6. Regarding claims 1 and 2, Skene discloses a computer system providing 
Internet protocol security without secure domain name resolution, the system 
comprising: a local domain name service (DNS) server (Fig. 1 , #110). Skene 
also discloses that a local DNS receives request messages including a domain 
name, after which the local DNS cache is searched to match the domain name 
(Fig. 4), but Skene lacks an IPSEC cache. 

However, Ye discloses a server (Col. 4, lines 8-14) communicatively 
computed to a processor/host computer (Fig. 2, #70), that includes a secure 
Internet security protocol (IPSEC) cache/cache table (Fig. 2, #120), wherein the 
secure IPSEC cache/cache table, is readable only by an Internet protocol (IP) 
processing layer/IPSEC driver (Fig. 2, #72), of an operating system that controls 
execution of an application program by the processor/host computer, (Col. 5, 
lines 50-54), a security policy data store/policy agent (Fig. 2, #90), that is 
communicatively coupled to the IP processing layer/IPSEC driver, a computer- 
readable medium accessible to the processor/host computer, and comprising 
one or more sequences of instructions which, when executed by the 
processor/host computer, cause the processor/host computer, to carry out the 
steps of: receiving a message/incoming packet (Fig. 4, #84), generated as a 
result of execution of the application program that contains a domain name (Fig. 
6, #160), searching the secure IPSEC cache/cache table, for an entry that 
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matches the domain name (Fig. 6, #164), querying the security policy data 
store/policy agent, for an IPSEC policy/SA (Security Association) (Fig. 4, #136), 
matching the domain name (Fig. 6, #166), applying the IPSEC policy/SA, to the 
message/incoming packet, (Fig. 6, #178), and purging the matching entry from 
the cache (Fig. 6, #180), wherein the secure IPSEC cache/cache table, 
comprises a plurality of cache entries (Fig. 4, #124), wherein each cache entry 
comprises a DNS name, one or more corresponding IP addresses, and 
information that uniquely associates the cache entry with a particular application 
process or execution time (Col. 6, lines 51-60). Therefore, it would have been 
obvious to one of ordinary skill in the art at the time the invention was made to 
modify Skene's DNS server to include a processor, security policy data store, 
IPSEC cache, and a computer-readable medium as described by Ye. One of 
ordinary skill in the art would have been motivated to perform such a modification 
because you gain the benefit of enhanced speed, as taught by Ye (Col. 2, lines 
17-23). 

7. Regarding claims 3 and 4, Skene as modified above, discloses a 
computer system as recited in Claim 2, wherein the step of searching the secure 
IPSEC cache/cache table, further comprises the step of searching the secure 
IPSEC cache/cache table, for an entry that matches a process identifier/filter flag 
(Ye, Fig. 4, #136), of the application program (Ye, Col. 6, lines 56-60), based on 
the information that uniquely associates the cache entry with a particular 
application process or execution time/communication stream (Ye, Col. 7, P), 
wherein the information that uniquely associates the cache entry with a particular 
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application process or execution time/communication stream, comprises a 
process identifier value/filter flag, and a transaction identifier value/index value 
(Ye, Fig. 6, #162). 

8. Regarding claim 5, Skene as modified above, discloses a computer 
system as recited in Claim 4, wherein the step of searching the secure IPSEC 
cache/cache table, further comprises the step of searching the secure IPSEC 
cache/cache table, for an entry that matches a process (Ye, Fig. 6, #168) and 
transaction (Ye, Fig. 6, #162) associated with the application 
program/communication stream, based on the process identifier value/filter flag, 
and transaction identifier value/index value, in the cache. 

9. Regarding claim 6, Skene as modified above, discloses a computer 
system as recited in Claim 1, further comprising the step of querying the security 
policy database/policy agent, for an IPSEC policy/SA, based on an IP address 
(Ye, Col. 2, lines 26-32 & Col. 7, lines 5-9). The invention of Ye discloses a 
system that derives an index value based on a packet's IP address (Ye, Col. 7, 
lines 5-9). The index value is used to search for a matching SA from the cache 
table (Ye, Col. 7, fl5 to Col. 8, fl). 

10. Regarding claim 7, Skene as modified above, discloses a computer 
system as recited in Claim 1, further comprising the steps of: receiving a request 
to resolve a DNS name into network addresses/IP address, resolving the DNS 
name using the local DNS server (Fig. 4, #202), resulting in generating one or 
more network addresses/IP addresses, corresponding to the DNS name, 
determining identifier information/filter flag, that uniquely associates the request 
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with a particular application process or execution time/communication stream, 
and storing the DNS name, the network addresses/IP addresses, and the 
identifier information/filter flag, as an entry in the secure IPSEC cache/cache 
table, (Col. 7, lines 9-36). 

1 1 . Claims 8-14 are rejected under similar rationale as per claims 1 -7. 

12. Regarding claims 15 and 22, Skene as modified above, discloses a 
computer-readable medium carrying one or more sequences of instructions for 
providing Internet protocol security without secure domain name resolution, 
which instructions, when executed by one or more processors/host computer, 
cause the one or more processors/host computer, to carry out the steps of: 
receiving a message/incoming packet, generated as a result of execution of an 
application program/communication stream, and that contains a domain name 
(Fig. 4, #202), searching a secure Internet security protocol (IPSEC) 
cache/cache table, for an entry that matches the domain name (Fig. 4, #203), 
wherein the secure IPSEC cache/cache table, is communicatively coupled to a 
local domain name service (DNS) server (Fig. 1, #110), and wherein the secure 
IPSEC cache/cache table, is readable only by an Internet protocol (IP) 
processing layer/IPSEC driver, of an operating system that controls execution of 
the application program/communication stream, querying a security policy data 
store/policy agent, that is communicatively coupled to the IP processing 
layer/IPSEC driver, for an IPSEC policy/SA, matching the domain name (Ye, Fig. 
6, #166), applying the IPSEC policy/SA, to the message/incoming packet, and 
purging the matching entry from the cache (Ye, Fig. 6, #180). 
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17. Claims 16-21 are rejected under similar rationale as per claims 2-7. 

18. Regarding claim 23, Skene as modified above, discloses an apparatus for 
providing Internet protocol security, without secure domain name resolution, for 
messages that are carried by a packet-switched data network (Ye, Fig. 2), 
comprising: a network interface that is coupled to the data network for receiving 
one or more packet flows therefrom (Ye, Fig. 2, #84), a processor/host computer, 
one or more stored sequences of instructions which (Ye, Col. 3, lines 2-4), when 
executed by the processor/host computer, cause the processor/host computer, to 
carry out the steps of: receiving a message/incoming packet, generated as a 
result of execution of an application program/communication stream, and that 
contains a domain name (Page 4, Col. 1, lines 17-20), searching a secure 
Internet security protocol (IPSEC) cache/cache table, for an entry that matches 
the domain name (Ye, Fig. 6, #164), wherein the secure IPSEC cache/cache 
table, is communicatively coupled to a local domain name service (DNS) server 
(Fig. 1, #110), and wherein the secure IPSEC cache/cache table, is readable 
only by an Internet protocol (IP) processing layer/IPSEC driver, of an operating 
system that controls execution of the application program, (Ye, Col. 5, lines 50- 
54), querying a security policy data store/policy agent, that is communicatively 
coupled to the IP processing layer/IPSEC driver, for an IPSEC policy, matching 
the domain name (Ye, Fig. 6, #166), applying the IPSEC policy/SA to the 
message/incoming packet (Ye, Fig. 6, #178), and purging the matching entry 
from the cache (Ye, Fig. 6, #180). 
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Conclusion 

19. Claims 1-23 have been rejected. 

20. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

e. United States Patent 6,353,886 is sited for disclosing a DNS server 
that validates a security policy and implements IPSEC. 

f. United States Patent 6,253,321 is sited for disclosing a data IPSEC 
processing system including a policy manager that implements a security 
protocol based on processing data in packets. 

g. United States Patent Application Publication 2004/0093434 is sited 
for disclosing network address translation implemented using IPSEC and 
a DNS server. 

21 . Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Aubrey H. Berger whose telephone number is 
(571)272-8155. The examiner can normally be reached on Monday - Thursday, 
7:30 a.m. -5:00 p.m.. 

If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Greg Morse can be reached on (571)272-3838. The fax 
phone number for the organization where this application or proceeding is 
assigned is 703-872-9306. 
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Information regarding the status of an application may be obtained from 
the Patent Application Information Retrieval (PAIR) system. Status information 
for published applications may be obtained from either Private PAIR or Public 
PAIR. Status information for unpublished applications is available through 
Private PAIR only. For more information about the PAIR system, see http://pair- 
direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll- 
free). 
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